Regtech: The Fintech Innovation at the Heart of Compliance Transformation

Blockchain, globalization, digitization, cybersecurity, fintech, new customer demands, and more. Money 20/20, the largest global financial industry event focused on payments and financial services innovation for connected commerce at the intersection of mobile, retail, marketing services, data and technology, takes place Oct. 23-26. Once again, Protiviti is proud to be an exhibitor sponsor and speaker at the event.

We will be posting daily dispatches from the event’s sessions, starting Sunday, here and on Twitter. Subscribe and follow us for current commentary, insights and reactions from industry experts as the event unfolds.

Recently, my colleague Jason Goldberg wrote about balancing the competitive need for technology-enabled customer experiences in payments, banking and wealth management with security and privacy controls. Customer-facing technology, as the most publicly visible example of financial technology (fintech), has received a lot of media attention. Nevertheless, it’s only half of the fintech picture.

Behind the scenes, financial institutions are beginning to adopt a subset of fintech, known as regulatory technology, or “regtech.” (Protiviti’s recently-introduced automated Risk Index tool is an example of such regtech solution applied to management information and reporting.)

Like fintech, regtech applies the same nimble, scalable, mobile-friendly solutions and rapid, low-cost cloud deployment to improve risk management, transaction monitoring, regulatory compliance, reporting, data storage and analytics. Unlike fintech however, regtech does not compete with traditional banking for the same customers; rather, it offers new ways of solving old problems by offering, speed, security, and agility in complying with regulatory requirements. As such, financial institutions have good reasons to look forward to implementing the technology.

Regtech has the potential to replace many of the traditional manual and paper-based solutions. Traditional solutions tend to be inflexible, disconnected and hard to update. Traditional solutions also tend to be resource-intensive, tying up both capital and IT capacity.

Regtech enables controls such as employee surveillance and transaction monitoring, on-demand reporting and full population data analytics. It makes conducting risk assessments faster, and provides a better audit trail.

Applied to anti-money laundering (AML) and counter-terrorist financing (CTF) compliance, a regtech real-time transaction monitoring solution can bridge communication gaps by consolidating and analyzing data from disparate systems. Applied to know-your-customer (KYC) processes, regtech can be used to create a secure central data repository with reference data utilities to protect personally identifiable information. The technology also can monitor financial services regulations in every country and region within an institution’s footprint, and report back to internal audit.

In short, the opportunities for regtech in compliance automation, AML and management reporting are many and exciting. Financial institutions historically have struggled to comply with new regulations, in part because the compliance processes were rigid and not easily changed. As regtech matures, risk and compliance functions are likely to see increased operational excellence. Underlying data will become more reliable, enabling better decisions; adoption of new controls and compliance procedures will get faster and easier; and senior management will be able to manage risk more effectively.

One important caveat: Regtech relies heavily on third-party providers of cloud-based technology solutions but this does not mean that these parties assume the risk of the institution. While the IT burden of implementation and maintenance of the new technology may be reduced, there is a new and growing responsibility for institutions to vet and monitor vendors to ensure that the providers’ polices, values and procedures align with those of the organization — especially when it comes to privacy and cybersecurity.

Also, while automation can improve processes, it is critical for financial institutions to review all risk and compliance procedures during project planning to avoid accelerating bad or obsolete processes, and to verify data integrity to ensure that reports are accurate and reliable.

Regtech is a good example of what the U.S. Office of the Comptroller of the Currency meant when it talked about the need for “responsible innovation.” As the financial services industry undergoes a fundamental and disruptive digital transformation, financial institutions are going to need technology-enabled risk management and compliance tools to ensure that they can manage at the speed of risk.

This is an exciting trend and we’ll keep you posted as things develop.